race condition - yajin · a vulnerable set-uid program • access -> check real user id •...

Race Condition

Yajin Zhou (http://yajin.org)

Zhejiang University

Credits: SEEDLab

http://www.cis.syr.edu/~wedu/seed/

A vulnerable Set-UID program

• Access -> check real user id

• Open-> check effective user id

• That’s the reason why we need access before open

How to attack

Experiment

• X->password is stored /etc/shadow

• No x -> password is in /etc/passwd

Experiment

Attack_process.c

Experiment

Target_process.sh

Experiment

Target_process.sh

Experiment

Defense

• Atomic operation

• If we can have an option to tell open to use real UID (instead of

effective UID)

• Sticky protection

Defense

• Least privilege

race condition - yajin · a vulnerable set-uid program • access -> check real user id •...

Documents

check up check up check up check up femra < 40 vjeÇ …

13.1 file directory - yajin · two key abstractions •...

c2 go! check it out check it out check it out check it out...

ap check report - may 2013 · 2013. 7. 3. · check invoice...

go! check it out check it out check it out check it out...

dissecting android malware : characterization and evolution...

format string vulnerability - yajin zhou@zhejiang...

hybrid user-level sandboxing of third-party android...

experiences on mro · c-check, d-check modification...

check in/check out

valves - flowtec.at · check valves / nozzle check valves...

reservations, check-in & check-out

it starts with a dream - kitchen art design€¦ · there,...

understanding by design february...

yajin zhou () zhejiang university

check nbr payee check amount check date stmnt date 34243 a

airbag: boosting smartphone resistance to malware...

operating system services & structures - yajin · operating...

an analysis of the anserverbot trojan · 2011-09-26 · an...

check reversals, check cancels & ach stops. 2 check...